David Weinehall is the maintainer of the Linux 2.0 kernel. Alan Cox [interview] handed over maintainership of the 2.0 kernel over 4 years ago. David explains in his own words:

"In December 1999, a naughty bug that allowed any local user to crash a 2.0-machine surfaced. Alan Cox admitted that he didn't have any time left to work on the 2.0 kernel any longer, and told me that if I wanted to become maintainer for 2.0 and fix this bug (and some other bugs while at it), it was fine with him."

In this interview David talks about his past, and the things he's doing now.

Markus Hästbacka: Please, share a bit of yourself and your past...

David Weinehall: Well, my computing started with the Commodore 64, a computer I still do some programming on from time to time. I got into Linux when I got myself my first 386, an IBM PS/2. Since it had an MCA-bus rather than a PCI or ISA-bus, getting Linux to run problem-free on it wasn't a walk in the park. I found some patches that got it to work pretty good, but I realised that noone was trying very actively to get them into the kernel.

After some time I decided to volunteer to maintain the MCA-support for the kernel, and thus my kernel-hacking days begun. In December 1999, a naughty bug that allowed any local user to crash a2.0-machine surfaced. Alan Cox admitted that he didn't have any time left to work on the 2.0 kernel any longer, and told me that if I wanted to become maintainer for 2.0 and fix this bug (and some other bugs while at it), it was fine with him..

In autumn 2002 I also started to work quite a lot for the Debian-project, and I soon decided to try to become an official Debian-developer. In February 2003 I became accepted, after a series of tests and some waiting. The Debian New Maintainer process can be perceived as pretty time-consuming and tedious, but I found it to be interesting and a great way of finding out who's serious and who's not...

When not computing, I read a lot (mostly fantasy, sci-fi, and Stephen King), watch a lot of movies (only been to the cinema 4 times so far this year though, but I'll try to improve on that soon, after all, I've only seen The Return of the King once, at the premiere, and I haven't seen Lost in Translation yet), and write a lot of poetry. I also like to play pool, but I can't claim to be particularly good. Oh, and I'm a big fan of the hockey-team Björklöven, and I try to attend their every game.

MH: What do you use your Commodore 64 for these days?

David Weinehall: Programming... Demo-programming and some work on my BBS-program C*Base. I'm still active in the old 64-group TRIAD.

MH: Is any of your poetry online?

David Weinehall: All of it is available at http://www.acc.umu.se/~tao/poetry/ Approximately 1500 poems. VERY varying quality though; a lot of it is 12-15 years old. I was a very active poet in my high school years.

MH: So you became the 2.0 maintainer after 2.0.38.. What's the status of 2.0 now? How many users do you think still uses 2.0?

David Weinehall: Dunno. It's hard to tell, since I don't get a lot of feedback. I have a few very helpful testers, mainly in Japan & Finland (I don't know why these two countries dominate my userbase though.) But I'm thankful for all the feedback I get. I suspect that the userbase for 2.0 is much bigger than is evident from the feedback though, I think that a lot of embedded devices probably have 2.0-kernels, and that those devices are firewalled in a matter that new kernel-releases that fix security-issues are not really that urgent.

MH: I noticed that you said that you'll release 2.0.40 soon in July 2002 [story], what happened back then?

David Weinehall: Ehrmm... I could go on and on here blaming this and that, but to be honest, I don't have a lot of good excuses.

Until the middle of August 2002 I did some more releases, and then I began working on what was going to be -rc7, which had some quite massive changes due to some uncovered information-leaks. These changes took longer than expected, and I also got side-tracked by my work with Debian. Then I had a hard-disk crash in January (yes, an IBM DeathStar, of course... Heed my advice, never buy one!). While I had backups and of most of my stuff, I didn't have a backup of my latest kernel-tree, so I had to spend some time verifying the integrity of the kernel-tree that I managed to recover.

In spring 2003 I also managed to get a full-time job in Stockholm, doing Linux-programming (mostly PHP, but also some kernel-hacking and system-integration) all day, I didn't really feel that attracted by programming in my spare-time.

OF course, I felt bad from time to time not having released -rc7 yet, but when you haven't touched something in a long time, it's very easy to push it just a little further into the future...

Well, my job and the year 2003 ended together, so I returned to my home-town Umeå, and since I didn't spend 10 hours a day in front of a computer doing programming for a living, I had to start programming for fun again... Thus 2.0.40-rc7 (soon followed by 2.0.40-rc8, since I indeed seem to have stopped programming in the middle of a change); I've also done a lot of programming on my BBS-program for the Commodore 64 (running a BBS on a C64 is great fun, especially if you have it hooked up to the Internet), because I feel the urge to do some assembly-programming now and then, and I only know 6510 and MIPS-assembly (and to some decent amount, ARM-assembly.)

Since I'm currently unemployed, I'd really like to take the chance to do some shameless self-advertising: anyone who needs a Debian-developer, kernel-maintainer, system-administrator/integrator (Linux, AIX, and Solaris experience), or programmer of C, 6510-assembler or PHP (yes, I can do website development, just don't ask me to do the design; I can do all (X)HTML/CSS for them, but you wouldn't like me to do the artworks...) contact me...

MH: So the release was pushed further into the future because of your work, but how did you get back the inspiration to develop kernel again?

David Weinehall: Well, I had to do some programming (others are addicted to caffeine, nicotine, alcohol, or other even nastier things, I'm addicted to programming and chocolate...), and the kernel was on top of my TODO-list (yes, I do have one, on my Tungsten, it beeps now and then to inform me that I should've released this or that program a long time ago...)

MH: When was the last local/remote root exploit in the 2.0 series?

David Weinehall: Local: 2.0.39 had a local root exploit (dumpable-race). Which is fixed in 2.0.40-pre1.

Remote: Haven't got a clue, not during my days as a 2.0-maintainer, at least. But a local root-exploit is usually all it takes anyway, since crackers have an annoying tendence to manage to get into almost any machine, no matter the operating system...

Several of the fixes in 2.0.40 relate to things that can at least leak information or crash your machine. No obvious root-holes, though.

Of course, there are a few fixes for potential file system corruption in 2.0.39, and a _really_ talented cracker might be able to layout files in the right manner, trigger the corruption and somehow hack the system that way. Who knows? I'm not a really talented cracker...

MH: Who contributes patches to the 2.0 tree these days?

David Weinehall: Well, all the names are in the changelog... ;-)

On a more serious note, the most frequent contributor is Michael Deutschmann. The latest 2.0-kernels owes him a lot of recognition. The rest of the contributions are spread out pretty evenly among a great many (to be a kernel that has a deminishing user-base, at least) persons. Also, quite a lot of the fixes are backports from the 2.2-kernels.

Another important contributor is Solar Designer, who has provided me with several important security fixes.

MH: What have changed between 2.0.39 and the upcoming 2.0.40, anything big or just bugfixes?

David Weinehall: There have been quite a lot of smaller changes to fix theoretical local exploits (mostly things that made it easy for a local user to crash your machine), some network-related bugs, and some modifications to ext2fs to fix potential file system corruption.

A few memory leaks, and several data leaks have also been fixed. All in all, most 2.0 users should probably be interested in this fix, at least if the machines are connected to the Internet or have potentially malicious users.

For correctness, I've also updated quite a lot of documentation, and fixed a lot of compile-time warnings.

MH: When do you expect to release 2.0.40?

David Weinehall: Within the next two weeks, barring unforseen events.

MH: Have you been contributing in other kernel development?

David Weinehall: I've contributed quite some MCA-related stuff to the 2.2 and 2.4 kernel series, and fixed some minor bugs, but I can't recall contributing anything to the 2.6-kernel (might have sent some patches in the early 2.5-era though), and the closest I come to BSD is my nice Mac G4 that runs MacOS X v10.3...

To be honest, I do more and more userland development these days, I have a set of gimp-plugins for importing from/exporting to the Commodore 64 (quite a lot of image-formats), a simple program to monitor the mailbox (lsmbox). I am also working on a very extensive set of programs for managing user- and group-accounts (passwd-ng), but it's far from finished (a little functionality and a _lot_ of auditing left to do; again, people interested in helping, feel free to contact me, I'm going to need help with PAM at the very least...)

MH: Can you provide a little more information about passwd-ng?

David Weinehall: Well, passwd-ng aims to implement work-alikes of the user- and group-management tools in AIX, such as {ls,ch,mk,rm}user and {ls,ch,mk,rm}group, chgrpmem.

While at it, I'm also reimplementing all relevant parts of the passwd-suite (lsage, chage, chfn, chsh, vipw, cppw, passwd, chpasswd, and so on), and in the longer run hopefully also login, su, sg, etc.

A lot is left to be done; so far I'm only at v0.1.1, and the following commands have been implemented (complete with manual-pages):

{ls,ch,mk,rm}user
{ls,ch}age
{ls,ch,mk,rm}group
chgrpmem
{vi,cp}pw
chfn
chsh

My first aim is not to compete with passwd, but rather to be able to replace it on my own systems. At a later date, who knows? One reason for the slow rate of development is that I'm doing all testing on my development-machine, so I have to be pretty confident I haven't fucked up before testing each new piece of code. Dedicated test-machines is for sissies... ;-P

Of course, if anyone is interested in helping out with this project, be it with testing, programming, or translating the programs and the documentation, feel free to contact me.

MH: Thank you for maintaining the 2.0 kernel and for this interview!

• David Weinehall's homepage